Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
Your Rights and Our Responsibilities After We Receive Your Written Notice We must acknowledge your letter within 30 days, unless we have corrected the error by then. Within 90 days, we must either correct the error or explain why we believe the bill was correct. After we receive your letter, we cannot try to collect any amount you question, or report you as delinquent. We can continue to bill you for the amount you question, including finance charges and we can apply any unpaid amount against your credit limit. You do not have to pay any questioned amount while we are investigating, but you are still obligated to pay the parts of your bill that are not in question. If we find that we made a mistake on your bill, you will not have to pay any finance charges related to any questioned amount. If we didn’t make a mistake, you may have to pay finance charges, and you will have to make up any missed payments on the questioned amount. In either case, we will send you a statement of the amount you owe and the date that it is due. If you fail to pay the amount that we think you owe, we may report you as delinquent. However, if our explanation does not satisfy you and you write to us within ten days telling us that you still refuse to pay, we must tell anyone we report you to that you have a question about your bill. In addition, we must tell you the name of anyone we reported you to. Upon settlement of a disputed bill, we must notify anyone we reported you to that the matter has been settled. If we don’t follow these rules, we can’t collect the first $50 of the questioned amount, even if your bill was correct.
Information About Your Right to Dispute Errors In case of errors or questions about your electronic transactions, call (000) 000-0000, contact Oxygen Support via the in-app messaging feature or send an email message to: xxxxxx@xxxxxxxxx.xxx as soon as you can, if you think your statement or receipt is wrong or if you need more information about a transaction listed on the statement or receipt. We must hear from you no later than 60 days after we sent the FIRST statement on which the problem or error appeared. You will need to tell us: 1. Your name, the Account number and/or 16-digit Card number; 2. Describe the error or the transfer you are unsure about, and explain why you believe there is an error or why you need more information: and 3. The dollar amount of the suspected error. If you provide this information orally, we may require that you send your complaint or question in writing within ten (10) business days. We will determine whether an error occurred within ten (10) business days after we hear from you and will correct any error promptly. If we need more time, however, we may take up to forty-five (45) days to investigate your complaint or question. If we decide to do this, we will credit your Account within ten (10) business days for the amount you think is in error, so that you will have use of the money during the time it takes to complete the investigation. If we ask you to put your complaint or question in writing and you do not provide it within ten (10) business days, we may not credit your Account. For errors involving a new Account, POS transactions, or foreign-initiated transactions, we may take up to ninety (90) days to investigate your complaint or question. For a new Account, we may take up to twenty
BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the
WHO WILL REVIEW THE INFORMATION DISCLOSED ON THE RELATIONSHIP DISCLOSURE FORM AND ANY UPDATES?
Confidentiality of processing MailChimp shall ensure that any person who is authorized by MailChimp to process Customer Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
Escrow Agent Not Responsible for Furnished Information The Escrow Agent will have no responsibility for seeking, obtaining, compiling, preparing or determining the accuracy of any information or document, including the representative capacity in which a party purports to act, that the Escrow Agent receives as a condition to a release from escrow or a transfer of escrow securities within escrow under this Agreement.
Indemnification Related to Confidentiality of Materials The Contractor will protect, defend, indemnify, and hold harmless the Department for claims, costs, fines, and attorney’s fees arising from or relating to its designation of materials as trade secret or otherwise confidential.
Vendor’s Resellers as Related to This Agreement Vendor’s Named Resellers (“Resellers”) under this Agreement shall comply with all terms and conditions of this agreement and all addenda or incorporated documents. All actions related to sales by Authorized Vendor’s Resellers under this Agreement are the responsibility of the awarded Vendor. If Resellers fail to report sales to TIPS under your Agreement, the awarded Vendor is responsible for their contractual failures and shall be billed for the fees. The awarded Vendor may then recover the fees from their named reseller. If there is a dispute between the awarded Vendor and TIPS Member, TIPS or its representatives may, at TIPS sole discretion, assist in conflict resolution if requested by either party. TIPS, or its representatives, reserves the right to inspect any project and audit the awarded Vendor’s TIPS project files, documentation and correspondence related to the requesting TIPS Member’s order. If there are confidentiality requirements by either party, TIPS shall comply to the extent permitted by law. The TIPS Solicitation which resulted in this Vendor Agreement, whether a Request for Proposals, the Request for Competitive Sealed Proposals or Request for Qualifications solicitation, or other, the Vendor’s response to same and all associated documents and forms made part of the solicitation process, including any addenda, are hereby incorporated by reference into this Agreement as if copied verbatim. THE SECTON HEADERS OR TITLES WITHIN THIS DOCUMENT ARE MERELY GUIDES FOR CONVENIENCE AND ARE NOT FOR CLASSIFICATION OR LIMITING OF THE RESPONSIBILITES OF THE PARTIES TO THIS DOCUMENT. Texas governmental entities are prohibited from doing business with companies that fail to certify to this condition as required by Texas Government Code Sec. 2270. By executing this agreement, you certify that you are authorized to bind the undersigned Vendor and that your company (1) does not boycott Israel; and (2) will not boycott Israel during the term of the Agreement. You certify that your company is not listed on and does not and will not do business with companies that are on the Texas Comptroller of Public Accounts list of Designated Foreign Terrorists Organizations per Texas Gov't Code 2270.0153 found at xxxxx://xxxxxxxxxxx.xxxxx.xxx/purchasing/docs/foreign-terrorist.pdf You certify that if the certified statements above become untrue at any time during the life of this Agreement that the Vendor will notify TIPS within three (3) business day of the change by a letter on Vendor’s letterhead from and signed by an authorized representative of the Vendor stating the non-compliance decision and the TIPS Agreement number and description at: Attention: General Counsel ESC Region 8/The Interlocal Purchasing System (TIPS) 0000 Xxxxxxx 000 Xxxxx Xxxxxxxxx, XX,00000 And by an email sent to xxxx@xxxx-xxx.xxx The undersigned Vendor agrees to maintain the below minimum insurance requirements for TIPS Contract Holders: When the Vendor or its subcontractors are liable for any damages or claims, the Vendor’s policy, when the Vendor is responsible for the claim, must be primary over any other valid and collectible insurance carried by the Member. Any immunity available to TIPS or TIPS Members shall not be used as a defense by the contractor's insurance policy. The coverages and limits are to be considered minimum requirements and in no way limit the liability of the Vendor(s). Insurance shall be written by a carrier with an A-; VII or better rating in accordance with current A.M. Best Key Rating Guide. Only deductibles applicable to property damage are acceptable, unless proof of retention funds to cover said deductibles is provided. "Claims made" policies will not be accepted. Vendor’s required minimum coverage shall not be suspended, voided, cancelled, non-renewed or reduced in coverage or in limits unless replaced by a policy that provides the minimum required coverage except after thirty (30) days prior written notice by certified mail, return receipt requested has been given to TIPS or the TIPS Member if a project or pending delivery of an order is ongoing. Upon request, certified copies of all insurance policies shall be furnished to the TIPS or the TIPS Member. • Orders: All Vendor orders received from TIPS Members must be emailed to TIPS at tipspo@tips- xxx.xxx. Should a TIPS Member send an order directly to the Vendor, it is the Vendor’s responsibility to forward a copy of the order to TIPS at the email above within 3 business days and confirm its receipt with TIPS. • Vendor Encouraging Members to bypass TIPS agreement: Encouraging TIPS Members to purchase directly from the Vendor or through another agreement, when the Member has requested using the TIPS cooperative Agreement or price, and thereby bypassing the TIPS Agreement is a violation of the terms and conditions of this Agreement and will result in removal of the Vendor from the TIPS Program. • Order Confirmation: All TIPS Member Agreement orders are approved daily by TIPS and sent to the Vendor. The Vendor should confirm receipt of orders to the TIPS Member (customer) within 3 business days. • Vendor custom website for TIPS: If Vendor is hosting a custom TIPS website, updated pricing when effective. TIPS shall be notified when prices change in accordance with the award.